[PATCH] Allow winbindd to be run in the AD DC

Andrew Bartlett abartlet at samba.org
Sun Apr 13 22:05:39 MDT 2014

On Wed, 2014-04-09 at 15:37 +1200, Andrew Bartlett wrote:
> My testing is going surprisingly well, and the full branch can be seen
> here:
> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/ad-dc-winbindd
> Attached is a patch to allow winbindd to be launched just as smbd is, by
> the samba process.  As well as matching my proposed deployment pattern,
> it allows testing by simply changing the smb.conf configuration or
> defaults.
> More broadly with this and the other patches I've sent or in the link
> above, the passdb_samba_dsdb module is doing the hard work in the merged
> winbindd, providing access to the users and groups, and most critically
> to the idmap database. 
> Currently we run the source3 RPC servers, not the source4 servers as the
> code to use the RPC pipes does not appear to be being invoked from
> winbindd. 
> Even so, while we don't have a lot of tests for winbind, much of what we
> do have does pass, and I would be very interested in seeing how this
> works for others. 

Any comments on my patch, my approach or why the named pipe forwarding
doesn't work for the winbindd code?

It has been long said that making the AD DC use winbindd is a important
task and a blocker for some users, so I'm curious to know if anyone else
is interested on working with me on this, or at least testing out the
WIP branch.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list